Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33545 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-39162 | 2 Envoyproxy, Pomerium | 2 Envoy, Pomerium | 2021-09-27 | 5.0 MEDIUM | 8.6 HIGH |
| Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered. | |||||
| CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2021-22014 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 9.0 HIGH | 7.2 HIGH |
| The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 7.2 HIGH | 7.8 HIGH |
| The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | |||||
| CVE-2021-33548 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33550 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33544 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33551 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33553 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33552 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33554 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2021-09-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-23044 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-09-27 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23033 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-27 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23032 | 1 F5 | 1 Big-ip Domain Name System | 2021-09-27 | 4.3 MEDIUM | 7.5 HIGH |
| On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23045 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-09-27 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2019-10172 | 4 Apache, Debian, Fasterxml and 1 more | 5 Spark, Debian Linux, Jackson-mapper-asl and 2 more | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. | |||||
| CVE-2021-38166 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-09-25 | 4.6 MEDIUM | 7.8 HIGH |
| In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. | |||||
| CVE-2021-22149 | 1 Elastic | 1 Enterprise Search | 2021-09-25 | 6.5 MEDIUM | 8.8 HIGH |
| Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. | |||||
| CVE-2020-28948 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2021-09-25 | 6.8 MEDIUM | 7.8 HIGH |
| Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | |||||
| CVE-2020-20892 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. | |||||
| CVE-2020-20891 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||||
| CVE-2020-20896 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. | |||||
| CVE-2020-20898 | 1 Ffmpeg | 1 Ffmpeg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | |||||
| CVE-2021-39544 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow. | |||||
| CVE-2021-39546 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer overflow. | |||||
| CVE-2021-39551 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overflow. | |||||
| CVE-2021-39550 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer overflow. | |||||
| CVE-2021-39552 | 1 Sela Project | 1 Sela | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow. | |||||
| CVE-2021-39522 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. | |||||
| CVE-2021-39525 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. | |||||
| CVE-2021-39527 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. | |||||
| CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | |||||
| CVE-2021-39530 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. | |||||
| CVE-2021-39540 | 1 Pdftools Project | 1 Pdftools | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in pdftools through 20200714. A stack-buffer-overflow exists in the function Analyze::AnalyzePages() located in analyze.cpp. It allows an attacker to cause code Execution. | |||||
| CVE-2021-3706 | 1 Pi-hole | 1 Web Interface | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | |||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | |||||
| CVE-2021-23028 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23036 | 1 F5 | 3 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager, Big-ip Datasafe | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | |||||
| CVE-2021-23040 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2021-09-24 | 6.5 MEDIUM | 8.8 HIGH |
| On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-41033 | 1 Eclipse | 1 Equinox | 2021-09-24 | 6.8 MEDIUM | 8.1 HIGH |
| In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. | |||||
| CVE-2021-23042 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-30860 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 5 Ubuntu Linux, Debian Linux, Netty and 2 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | |||||
| CVE-2021-37201 | 1 Siemens | 1 Sinec Network Management System | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. | |||||
| CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2021-09-24 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | |||||
| CVE-2021-23049 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23048 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2019-9489 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apex One As A Service and 3 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | |||||